Skip to content
  1. Aug 06, 2014
    • Adam Langley's avatar
      Fix return code for truncated DTLS fragment. · aad61c0a
      Adam Langley authored
      
      
      Previously, a truncated DTLS fragment in
      |dtls1_process_out_of_seq_message| would cause *ok to be cleared, but
      the return value would still be the number of bytes read. This would
      cause |dtls1_get_message| not to consider it an error and it would
      continue processing as normal until the calling function noticed that
      *ok was zero.
      
      I can't see an exploit here because |dtls1_get_message| uses
      |s->init_num| as the length, which will always be zero from what I can
      see.
      
      Reviewed-by: default avatarMatt Caswell <matt@openssl.org>
      Reviewed-by: default avatarEmilia Käsper <emilia@openssl.org>
      aad61c0a
    • Adam Langley's avatar
      Fix memory leak from zero-length DTLS fragments. · 8ca4c4b2
      Adam Langley authored
      
      
      The |pqueue_insert| function can fail if one attempts to insert a
      duplicate sequence number. When handling a fragment of an out of
      sequence message, |dtls1_process_out_of_seq_message| would not call
      |dtls1_reassemble_fragment| if the fragment's length was zero. It would
      then allocate a fresh fragment and attempt to insert it, but ignore the
      return value, leaking the fragment.
      
      This allows an attacker to exhaust the memory of a DTLS peer.
      
      Fixes CVE-2014-3507
      
      Reviewed-by: default avatarMatt Caswell <matt@openssl.org>
      Reviewed-by: default avatarEmilia Käsper <emilia@openssl.org>
      8ca4c4b2
    • Matt Caswell's avatar
      Fix DTLS handshake message size checks. · 0598468f
      Matt Caswell authored
      
      
      In |dtls1_reassemble_fragment|, the value of
      |msg_hdr->frag_off+frag_len| was being checked against the maximum
      handshake message size, but then |msg_len| bytes were allocated for the
      fragment buffer. This means that so long as the fragment was within the
      allowed size, the pending handshake message could consume 16MB + 2MB
      (for the reassembly bitmap). Approx 10 outstanding handshake messages
      are allowed, meaning that an attacker could consume ~180MB per DTLS
      connection.
      
      In the non-fragmented path (in |dtls1_process_out_of_seq_message|), no
      check was applied.
      
      Fixes CVE-2014-3506
      
      Wholly based on patch by Adam Langley with one minor amendment.
      
      Reviewed-by: default avatarEmilia Käsper <emilia@openssl.org>
      0598468f
    • Matt Caswell's avatar
    • Adam Langley's avatar
      Avoid double free when processing DTLS packets. · 49850075
      Adam Langley authored
      The |item| variable, in both of these cases, may contain a pointer to a
      |pitem| structure within |s->d1->buffered_messages|. It was being freed
      in the error case while still being in |buffered_messages|. When the
      error later caused the |SSL*| to be destroyed, the item would be double
      freed.
      
      Thanks to Wah-Teh Chang for spotting that the fix in 1632ef74
      
       was
      inconsistent with the other error paths (but correct).
      
      Fixes CVE-2014-3505
      
      Reviewed-by: default avatarMatt Caswell <matt@openssl.org>
      Reviewed-by: default avatarEmilia Käsper <emilia@openssl.org>
      49850075
  2. Aug 01, 2014
  3. Jul 30, 2014
  4. Jul 24, 2014
    • Dr. Stephen Henson's avatar
      Add conditional unit testing interface. · 789b1259
      Dr. Stephen Henson authored
      
      
      Don't call internal functions directly call them through
      SSL_test_functions(). This also makes unit testing work on
      Windows and platforms that don't export internal functions
      from shared libraries.
      
      By default unit testing is not enabled: it requires the compile
      time option "enable-unit-test".
      Reviewed-by: default avatarGeoff Thorpe <geoff@openssl.org>
      (cherry picked from commit e0fc7961)
      
      Conflicts:
      
      	ssl/heartbeat_test.c
      	ssl/ssl.h
      	util/mkdef.pl
      789b1259
  5. Jul 22, 2014
  6. Jul 21, 2014
  7. Jul 20, 2014
  8. Jul 19, 2014
  9. Jul 17, 2014
  10. Jul 16, 2014
  11. Jul 15, 2014
  12. Jul 14, 2014
  13. Jul 13, 2014
  14. Jul 10, 2014
  15. Jul 09, 2014